Bug#: 166044
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Markus Rothe <corsair@gentoo.org>

Description:   Opened: 2007-02-09 09:41 0000
Nexuiz >=2.2.1 fixes a security issue resulting in a DoS. 2.2.3 is already in
the tree, but not stable.

from http://www.frsirt.com/english/advisories/2006/4992 :


- Technical Description

Multiple vulnerabilities have been identified in Nexuiz, which could be
exploited by attackers to execute arbitrary commands or cause a denial of
service.

The first issue is due to an input validation error within "clientcommands",
which could be exploited by remote attackers to inject arbitrary commands.

The second issue is due to an error when processing player connections, which
could be exploited by attackers to crash a vulnerable application or exhaust
all available memory resources, creating a denial of service condition.


- Affected Products

Nexuiz versions prior to 2.2.1

------- Comment #1 From Mr. Bones. 2007-02-09 17:40:39 0000 -------
I removed 2.1

------- Comment #2 From Markus Rothe 2007-02-09 17:48:20 0000 -------
wasn't 2.1 the latest stable version for x86 and amd64?

------- Comment #3 From Markus Rothe 2007-02-09 17:51:11 0000 -------
whoops, you marked 2.2.3 stable, too. cool. thanks.

@security: what's next? glsa, no glsa?

------- Comment #4 From Mr. Bones. 2007-02-09 17:55:11 0000 -------
I think since 2.1 was stable a glsa would be good.

------- Comment #5 From Raphael Marichez 2007-02-10 22:20:56 0000 -------
Yes, good, you should join the security team :)

------- Comment #6 From Raphael Marichez 2007-02-25 16:12:40 0000 -------
GLSA 200702-09, thanks everybody and sorry for the delay
